On 6/3/09 12:16 AM, J.D. Falk wrote:
> Jon Callas wrote:
>> Okay. I misunderstood. If it's a DNS-level list of all possible
>> algorithms, it has very limited use, and can go.
> +1
It's not a list. Dave got it wrong. Please look at RFC 4871:
   k= Key type (plain-text; OPTIONAL, default is "rsa"). Signers and
      verifiers MUST support the "rsa" key type. The "rsa" key type
      indicates that an ASN.1 DER-encoded [ITU.X660.1997] RSAPublicKey
      [RFC3447] (see Sections 3.1 and A.1.1) is being used in the "p="
      tag. (Note: the "p=" tag further encodes the value using the
      base64 algorithm.)

      ABNF:

      key-k-tag        = %x76 [FWS] "=" [FWS] key-k-tag-type
      key-k-tag-type   = "rsa" / x-key-k-tag-type
      x-key-k-tag-type = hyphenated-word   ; for future extension
The basic question is simply this: is it sufficient to list the key
algorithm in the header? I don't see a plausible attack, so I'm okay
with that. But let's at least have the debate based on facts.
Eliot
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
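The k= handling Eliot quotes, worked through as an added example (not code from the thread or from any DKIM implementation): a small parser for a DKIM key record that applies the "rsa" default, validates k= against the hyphenated-word rule, and reports when the DNS key type disagrees with a DKIM-Signature a= tag. The sample records and the "x-newalg" key type are constructed for illustration.

```python
import base64
import re
# Added example, not from the thread: parse a DKIM key record (RFC 4871 s3.6.1)
# and check its k= tag against a DKIM-Signature a= tag.
HYPHENATED_WORD = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")  # RFC 4871 hyphenated-word

def parse_tag_list(record):
    """'tag=value; ...' -> dict; FWS in values dropped, repeated tag rejected."""
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue  # a trailing ";" is permitted by the tag-list ABNF
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag-spec: {part!r}")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = "".join(value.split())
    return tags

def key_type(tags):
    """k= is OPTIONAL, default "rsa"; the value must be a hyphenated-word."""
    k = tags.get("k", "rsa")
    if not HYPHENATED_WORD.match(k):
        raise ValueError(f"k= is not a hyphenated-word: {k!r}")
    return k

def check_key_for_signature(a_tag, tags):
    """(ok, reason) for verifying a signature with a= a_tag (e.g. "rsa-sha256")
    using this record; the key type comes from DNS, not from the header."""
    k = key_type(tags)
    if k != a_tag.split("-", 1)[0]:    # a= names the key algorithm before "-"
        return False, f"key type {k!r} does not match a={a_tag!r}"
    if "p" not in tags:
        return False, "missing p= tag"
    if tags["p"] == "":
        return False, "key revoked (empty p=)"
    try:
        der = base64.b64decode(tags["p"], validate=True)
    except ValueError:
        return False, "p= is not valid base64"
    if not der or der[0] != 0x30:      # RSAPublicKey is an outer DER SEQUENCE
        return False, "p= does not decode to a DER SEQUENCE"
    return True, "ok"
# Constructed sample records (not real keys): p= carries a stub DER SEQUENCE.
SAMPLE_P = base64.b64encode(bytes.fromhex("3003020105")).decode()
RECORD_DEFAULT_K = f"v=DKIM1; p={SAMPLE_P}"              # k= omitted -> "rsa"
RECORD_FUTURE_K = f"v=DKIM1; k=x-newalg; p={SAMPLE_P}"  # hypothetical key type
RECORD_REVOKED = "v=DKIM1; k=rsa; p="
```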